docs-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): Uses standard filesystem commands (find, mkdir, mv, test) to reorganize documentation. These operations are restricted to the local environment and the specific task of file management.
- [DATA_EXFILTRATION] (SAFE): The skill reads project metadata (README, package.json) and documentation files to categorize content. No network-based exfiltration patterns or external URLs were detected.
- [PROMPT_INJECTION] (LOW): This skill is subject to indirect prompt injection (Category 8).
  - Ingestion points: Reads first 100 lines of all .md files in the /docs directory, as well as root configuration files.
  - Boundary markers: None. The agent is instructed to read and categorize content without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: Can move files, create directories, and modify specific project files like CLAUDE.md.
  - Sanitization: None. The agent processes raw text from existing documentation.
  - Assessment: A malicious actor could place instructions inside a markdown file (e.g., in a hidden comment) to influence how the agent reorganizes the documentation or what it writes into the blueprint.md file. However, the impact is limited to the documentation scope.
Audit Metadata